package com.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

import static org.springframework.security.config.Customizer.withDefaults;


@Configuration
public class Saml2LoginConfig {

    @EnableWebSecurity
    public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .saml2Login(withDefaults());
        }
    }

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
        return new InMemoryRelyingPartyRegistrationRepository(this.getSaml2RelyingPartyRegistration());
    }

    private RelyingPartyRegistration getSaml2RelyingPartyRegistration() {
        //remote IDP entity ID
        String idpEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
        //remote WebSSO Endpoint - Where to Send AuthNRequests to
        String webSsoEndpoint = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
        //local registration ID
        String registrationId = "simplesamlphp";
        //local entity ID - autogenerated based on URL
        String localEntityIdTemplate = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
        //local signing (and decryption key)
        Saml2X509Credential signingCredential = getSigningCredential();
        //IDP certificate for verification of incoming messages
        Saml2X509Credential idpVerificationCertificate = getVerificationCertificate();
        return RelyingPartyRegistration.withRegistrationId(registrationId)
                .assertingPartyDetails(assertingPartyDetails->{
                    assertingPartyDetails.entityId(idpEntityId);
                })
                .idpWebSsoUrl(webSsoEndpoint).signingX509Credentials(
                        collection -> {
                            collection.add(signingCredential);
                            collection.add(idpVerificationCertificate);
                        }
                )
                .localEntityIdTemplate(localEntityIdTemplate)
                .build();
    }

    private Saml2X509Credential getVerificationCertificate() {
        return null;
    }

    private Saml2X509Credential getSigningCredential() {
        return null;
    }
}

